Fix more d2i cases to properly update the input pointer
authorKurt Roeckx <kurt@roeckx.be>
Tue, 29 Sep 2015 17:59:48 +0000 (19:59 +0200)
committerKurt Roeckx <kurt@roeckx.be>
Sat, 3 Oct 2015 11:22:52 +0000 (13:22 +0200)
Thanks to David Benjamin <davidben@google.com> for pointing them out.

Reviewed-by: Steve Henson <steve@openssl.org>
MR #1198

crypto/asn1/d2i_pr.c
crypto/x509/x_x509.c

index 90ec2f4..1b6f8eb 100644 (file)
@@ -104,7 +104,8 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
             EVP_PKEY_free(ret);
             ret = EVP_PKCS82PKEY(p8);
             PKCS8_PRIV_KEY_INFO_free(p8);
-
+            if (ret == NULL)
+                goto err;
         } else {
             ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
             goto err;
@@ -160,8 +161,9 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
         }
         ret = EVP_PKCS82PKEY(p8);
         PKCS8_PRIV_KEY_INFO_free(p8);
-        if (ret != NULL)
-            *pp = p;
+        if (ret == NULL)
+            return NULL;
+        *pp = p;
         if (a) {
             *a = ret;
         }
index 028c75a..92d4fa3 100644 (file)
@@ -184,9 +184,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
         return NULL;
     /* update length */
     length -= q - *pp;
-    if (!length)
-        return ret;
-    if (!d2i_X509_CERT_AUX(&ret->aux, &q, length))
+    if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length))
         goto err;
     *pp = q;
     return ret;